rename proxy and begin adding open telemetry

Author: phrocker

.gcp.env.bak

@@ -0,0 +1,4 @@
+SENTRIUS_VERSION=1.0.47
+SENTRIUS_SSH_VERSION=1.0.6
+SENTRIUS_KEYCLOAK_VERSION=1.0.9
+SENTRIUS_AGENT_VERSION=1.0.18

.gitignore

@@ -42,8 +42,8 @@ analytics/target/**
 analytics/target/
 dataplane/target/**
 dataplane/target/
-openai-proxy/target/**
-openai-proxy/target/
+llm-proxy/target/**
+llm-proxy/target/
 node/*
 node_modules/*
 api/node_modules/*
@@ -58,4 +58,4 @@ api/node_modules/*
 
 .settings/*
 .env.bak
-.gcp.env.bak
+cp.env.bak

Dockerfile-jaeger

@@ -65,4 +65,24 @@ public String promptAgent(Map<String, Object> args) throws ZtatException, IOExce
 
             return llmService.askQuestion(chatRequest);
     }
+
+    @Verb(name = "justify_operations", description = "Chats with an agent to justify operations.", isAiCallable = false)
+    public String justifyAgent(Map<String, Object> args) throws ZtatException, IOException {
+        InputStream is = getClass().getClassLoader().getResourceAsStream("agent-config.yaml");
+        if (is == null) {
+            throw new RuntimeException("agent-config.yaml not found on classpath");
+        }
+        AgentConfig config = new ObjectMapper(new YAMLFactory()).readValue(is, AgentConfig.class);
+
+        log.info("Agent config loaded: {}", config);
+        PromptBuilder promptBuilder = new PromptBuilder(verbRegistry, config);
+        var prompt = promptBuilder.buildPrompt();
+        List<Message> messages = new ArrayList<>();
+
+        messages.add(Message.builder().role("system").content(prompt).build());
+
+        ChatRequest chatRequest = ChatRequest.builder().model("gpt-3.5-turbo").messages(messages).build();
+
+        return llmService.askQuestion(chatRequest);
+    }
 }

ai-agent/src/main/java/io/sentrius/agent/analysis/agents/verbs/AgentVerbs.java

@@ -18,4 +18,5 @@ public ResponseEntity<AgentStatus> getStatus() {
         return ResponseEntity.ok(AgentStatus.builder().status("UP").version("1.0.0").health("OK").build());
     }
 
+
 }

ai-agent/src/main/java/io/sentrius/agent/analysis/api/AgentController.java

@@ -189,6 +189,31 @@
             <version>3.20.0</version>
             <scope>compile</scope>
         </dependency>
+        <!-- OpenTelemetry API + SDK -->
+        <dependency>
+            <groupId>io.opentelemetry</groupId>
+            <artifactId>opentelemetry-api</artifactId>
+            <version>${opentelem}</version>
+        </dependency>
+        <dependency>
+            <groupId>io.opentelemetry</groupId>
+            <artifactId>opentelemetry-sdk</artifactId>
+            <version>${opentelem}</version>
+        </dependency>
+
+        <!-- OpenTelemetry instrumentation for Spring Boot -->
+        <dependency>
+            <groupId>io.opentelemetry.instrumentation</groupId>
+            <artifactId>opentelemetry-spring-boot-starter</artifactId>
+            <version>${opentelem-springboot}</version>
+        </dependency>
+
+        <!-- Export to OTLP (OpenTelemetry Protocol) -->
+        <dependency>
+            <groupId>io.opentelemetry</groupId>
+            <artifactId>opentelemetry-exporter-otlp</artifactId>
+            <version>${opentelem}</version>
+        </dependency>
     </dependencies>
 
     <build>

api/pom.xml

@@ -14,6 +14,7 @@
 import io.sentrius.sso.core.dto.TerminalLogDTO;
 import io.sentrius.sso.core.dto.ztat.ZtatRequestDTO;
 import io.sentrius.sso.core.model.security.UserType;
+import io.sentrius.sso.core.model.security.enums.ApplicationAccessEnum;
 import io.sentrius.sso.core.model.security.enums.SSHAccessEnum;
 import io.sentrius.sso.core.model.sessions.SessionLog;
 import io.sentrius.sso.core.model.sessions.TerminalLogs;
@@ -126,4 +127,55 @@ public ResponseEntity<?> requestRegistration(
     }
 
 
+    @PostMapping("/justify")
+    @LimitAccess(applicationAccess = {ApplicationAccessEnum.CAN_LOG_IN})
+    public ResponseEntity<?> justifyOperations(
+        @RequestHeader("Authorization") String token,
+        @RequestParam("agentId") String agentId,
+        @RequestParam("jusitificationId") String jusitificationId,
+        HttpServletRequest request, HttpServletResponse response) throws SQLException, GeneralSecurityException {
+
+        String compactJwt = token.startsWith("Bearer ") ? token.substring(7) : token;
+
+
+        if (!keycloakService.validateJwt(compactJwt)) {
+            log.warn("Invalid Keycloak token");
+            return ResponseEntity.status(HttpStatus.SC_UNAUTHORIZED).body("Invalid Keycloak token");
+        }
+
+        var operatingUser = getOperatingUser(request, response );
+
+        // Extract agent identity from the JWT
+       // String agentId = keycloakService.extractAgentId(compactJwt);
+
+        if (null == operatingUser) {
+            log.warn("No operating user found for agent: {}", agentId);
+            var username = keycloakService.extractUsername(compactJwt);
+            operatingUser = userService.getUserWithDetails(username);
+
+        }
+
+        log.info("Received registration request from agent: {} {}", agentId, operatingUser);
+        // Store the request in the database
+        var ztatRequest = ztatService.createAgentRequest(agentId, "registration", "register",
+            ZeroTrustAccessTokenReason.builder().commandNeed("registration call").reasonIdentifier(UUID.randomUUID().toString()).build(),
+            operatingUser);
+        ztatRequest = ztrService.addJITRequest(ztatRequest);
+
+        // Approve the request if the agent has an active policy ( and it is known and allowed ).
+        if (atplPolicyService.getPolicy(operatingUser).isPresent()) {
+            var admin = userService.getUser(UserType.createSystemAdmin().getId());
+            var approval = ztatService.approveOpsAccessToken(ztatRequest, admin);
+
+            return ResponseEntity.ok(Map.of("ztat_token", approval.getToken().toString()));
+
+        } else {
+            log.warn("No active policy found for agent: {}", agentId);
+            return ResponseEntity.status(428).body(Map.of("ztat_request", ztatRequest.getId()));
+        }
+
+
+
+    }
+
 }

api/src/main/java/io/sentrius/sso/controllers/api/AgentApiController.java

@@ -78,3 +78,11 @@ management.endpoints.web.exposure.include=health
 management.endpoint.health.show-details=always
 ### change for production environments
 https.required=${HTTP_REQUIRED:true}
+# Where Spring Boot sends traces
+otel.exporter.otlp.endpoint=${OTEL_EXPORTER_OTLP_ENDPOINT:http://localhost:4317}
+otel.traces.exporter=otlp
+otel.metrics.exporter=none
+otel.logs.exporter=none
+otel.resource.attributes="service.name=ai-agent"
+otel.traces.sampler=always_on
+otel.exporter.otlp.timeout=10s

api/src/main/resources/application.properties

@@ -229,6 +229,31 @@
             <version>3.20.0</version>
             <scope>compile</scope>
         </dependency>
+        <!-- OpenTelemetry API + SDK -->
+        <dependency>
+            <groupId>io.opentelemetry</groupId>
+            <artifactId>opentelemetry-api</artifactId>
+            <version>${opentelem}</version>
+        </dependency>
+        <dependency>
+            <groupId>io.opentelemetry</groupId>
+            <artifactId>opentelemetry-sdk</artifactId>
+            <version>${opentelem}</version>
+        </dependency>
+
+        <!-- OpenTelemetry instrumentation for Spring Boot -->
+        <dependency>
+            <groupId>io.opentelemetry.instrumentation</groupId>
+            <artifactId>opentelemetry-spring-boot-starter</artifactId>
+            <version>${opentelem-springboot}</version>
+        </dependency>
+
+        <!-- Export to OTLP (OpenTelemetry Protocol) -->
+        <dependency>
+            <groupId>io.opentelemetry</groupId>
+            <artifactId>opentelemetry-exporter-otlp</artifactId>
+            <version>${opentelem}</version>
+        </dependency>
     </dependencies>
 
 

core/pom.xml

@@ -92,7 +92,7 @@ <T> String callPostOnApi(String endpoint, @NonNull String apiEndpoint, T body) t
             return response.getBody(); // This is the ZTAT (JWT or opaque token)
         } else if (response.getStatusCode() == HttpStatus.PRECONDITION_REQUIRED) {
             // we need to get
-            throw new ZtatException("ZTAT Required");
+            throw new ZtatException(response.getBody());
 
         } else {
             throw new RuntimeException("Failed to obtain ZTAT: " + response.getStatusCode());
@@ -128,7 +128,7 @@ <T> String callGetOnApi(String endpoint, @NonNull String apiEndpoint) throws Zta
             return response.getBody(); // This is the ZTAT (JWT or opaque token)
         } else if (response.getStatusCode() == HttpStatus.PRECONDITION_REQUIRED) {
             // we need to get
-            throw new ZtatException("ZTAT Required");
+            throw new ZtatException(response.getBody());
 
         } else {
             throw new RuntimeException("Failed to obtain ZTAT: " + response.getStatusCode());